Document managing system, document managing apparatus and document managing method

ABSTRACT

A document managing system is provided with a plurality of document managing apparatuses each configured to retrieve a document stored in a storage according to a document ID and to judge whether or not an operation with respect to the retrieved document is possible according to a user ID that is generated with respect to each document managing apparatus, and a user ID generating apparatus provided externally to the document managing apparatuses and configured to generate a common user ID that is used in common among each of the document managing apparatuses. Each document managing apparatus has an export and import part configured to export and import data of an arbitrary document and an access control list (ACL).

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention generally relates to document managing systems,and more particularly to a document managing system which has aplurality of independent document managing apparatuses. The presentinvention also relates to a document managing apparatus and a documentmanaging method employed by the document managing system.

2. Description of the Related Art

A document managing apparatus formed by a server or the like that isprovided in a network, records document management information such asbibliographical information. The document management informationincludes, in addition to an identification (ID) of each document, userIDs (UIDs) of creators, readers, editors and the like. For example, theUID is used to manage rights to access the documents.

In relatively large organizations such as corporations, there oftenexist a plurality of independent document managing apparatuses.

FIG. 1 is a diagram showing a structure of an example of a conventionaldocument managing system. The document management apparatus 100 shown inFIG. 1 has a UID managing part 101 for managing UIDs, a documentmanaging part 102 for managing documents, a document database (DB) 103forming a storage for storing the documents, and an access control list(ACL) table 104 that records access right information related to accessrights to the documents. A document managing apparatus 200 has astructure similar to that of the document managing apparatus 100, andhas an UID managing part 201, a document managing part 202, a documentDB 203, and an ACL table 204.

For example, if a user wishes to access a target document that is storedin the document DB 103 of the document managing apparatus 100 in FIG. 1,the document managing part 102 acquires the UID of the user who isauthenticated by the UID managing part 101, with respect to the targetdocument that is retrieved from the document DB 103 according to thedocument ID, and refers to the access right information of the targetdocument by referring to the ACL table 104, and permits access to theuser within the range permitted for this user.

On the other hand, a Japanese Laid-Open Patent Application No.2004-70416 proposes a technique for providing services to a user in anetwork system employing a plurality of authentication systems, byauthenticating a user who is registered for one or a plurality ofauthentication systems of the network system as the user of a targetservice.

In the document managing system shown in FIG. 1 having the plurality ofindependent document managing apparatuses, there are cases where itbecomes necessary to distribute, move or integrate a portion or all ofthe documents managing in one document managing apparatus 100 to theother document managing apparatus 200, for example. In such cases, thetarget document is distributed from the document managing apparatus 100as export data D1 to the document managing apparatus 200, and thedocument managing apparatus 200 accepts the target document as importdata D2.

However, The UIDs in the document managing apparatus 100 are managed bythe UID managing part 101, and the UIDs in the document managingapparatus 200 are managed by the UID managing part 201, and the UIDs aredefined independently for each document managing apparatus. For thisreason, when the user who is permitted to access the target document inthe document managing apparatus 100 wishes to access the same targetdocument in the document managing apparatus 200, a situation may occurwhere the user is not be permitted access the target document in thedocument managing apparatus 200 even though the same user is makingaccess to the same target document.

If this situation occurs, it becomes necessary to reassign the accessright to the target document in the document managing apparatus 200. Butwhen a large number of documents are distributed, moved or integratedbetween the document managing apparatuses 100 and 200, the reassignmentof the access rights to the documents becomes an extremely troublesomeand complex operation, and there was a problem in that the load on amanager who manages the access rights to the documents will becomeconsiderably large.

SUMMARY OF THE INVENTION

Accordingly, it is a general object of the present invention to providea novel and useful document managing system, a document managingapparatus and a document managing method, in which the problemsdescribed above are suppressed.

Another and more specific object of the present invention is to providea document managing system, a document managing apparatus and a documentmanaging method, which can facilitate the management of the accessrights to documents when the documents are distributed, moved orintegrated among the plurality of independent document managingapparatuses of the document managing system.

Still another object of the present invention is to provide a documentmanaging system comprising a plurality of document managing apparatuses,each of the document managing apparatuses being configured to retrieve adocument stored in a storage according to a document ID, and to judgewhether or not an operation with respect to the retrieved document ispossible according to a user ID that is generated with respect to theeach of the document managing apparatuses; and a user ID generatingapparatus, provided externally to the document managing apparatuses, andconfigured to generate a common user ID that is used in common amongeach of the document managing apparatuses, wherein each of the documentmanaging apparatuses has an export and import part configured to exportand import data of an arbitrary document and an access control list(ACL). According to the document managing system of the presentinvention, it is possible to facilitate the management of the accessrights to documents when the documents are distributed, moved orintegrated among a plurality of independent document managingapparatuses of the document managing system.

A further object of the present invention is to provide a documentmanaging apparatus for retrieving a document stored in a storageaccording to a document ID and judging whether or not an operation withrespect to the retrieved document is possible according to a user IDthat is generated with respect to the document managing apparatus,comprising a user ID managing part configured to manage user IDs withinthe document managing apparatus by acquiring a common user ID that isgenerated by an external user ID generating apparatus and is used incommon among a plurality of document managing apparatuses including thedocument managing apparatus; and an export and import part configured toexport and import data of an arbitrary document and an access controllist (ACL). According to the document managing apparatus of the presentinvention, it is possible to facilitate the management of the accessrights to documents when the documents are distributed, moved orintegrated among a plurality of independent document managingapparatuses of a document managing system.

Another object of the present invention is to provide a documentmanaging method for a document managing system in which each of aplurality of document managing apparatuses is configured to retrieve adocument stored in a storage according to a document ID, and to judgewhether or not an operation with respect to the retrieved document ispossible according to a user ID that is generated with respect to saideach of the document managing apparatuses, comprising generating acommon user ID that is used in common among each of the documentmanaging apparatuses by a user ID generating apparatus that is providedexternally to the document managing apparatuses; and exporting andimporting data of an arbitrary document and an access control list (ACL)in response to a user instruction. According to the document managingmethod of the present invention, it is possible to facilitate themanagement of the access rights to documents when the documents aredistributed, moved or integrated among the plurality of independentdocument managing apparatuses of the document managing system.

Other objects and further features of the present invention will beapparent from the following detailed description when read inconjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing a structure of an example of a conventionaldocument managing system;

FIG. 2 is a diagram showing a structure of a first embodiment of adocument managing system according to the present invention;

FIG. 3 is a diagram for explaining a document distribution in the firstembodiment of the document managing system;

FIG. 4 is a diagram showing a screen for explaining an export operation;

FIG. 5 is a diagram showing a screen for explaining an import operation;

FIG. 6 is a diagram showing a structure of a second embodiment of thedocument managing system according to the present invention;

FIGS. 7A and 7B are diagrams for explaining a UID generating process ofthe second embodiment of the document managing system;

FIG. 8 is a diagram for explaining an ACL setting process of the secondembodiment of the document managing system;

FIG. 9 is a diagram showing an ACL table;

FIG. 10 is a diagram showing a structure of a third embodiment of thedocument managing system according to the present invention;

FIG. 11 is a diagram for explaining a UID generating process of thethird embodiment of the document managing system;

FIG. 12 is a diagram for explaining another UID generating process ofthe third embodiment of the document managing system;

FIG. 13 is a diagram showing a structure of a fourth embodiment of thedocument managing system according to the present invention; and

FIG. 14 is a diagram showing a UID generating process of the fourthembodiment of the document managing system.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

A description will be given of embodiments of the document managingsystem, the document managing apparatus and the document managing methodaccording to the present invention, by referring to FIG. 2 and thesubsequent figures.

First Embodiment

FIG. 2 is a diagram showing a structure of a first embodiment of thedocument managing system according to the present invention. Thedocument managing system shown in FIG. 2 has a first document managingapparatus 1 and a second document managing apparatus 2. Each of thefirst and second document managing apparatuses 1 and 2 may be adedicated server apparatus for exclusive use or, an apparatus, such as amulti function peripheral (MFP), having functions other than thedocument managing function.

The first document managing apparatus 1 has a user identification (UID)managing part 11 for managing UIDs, a document managing part 12 formanaging documents, a document database (DB) 13 forming a storage forstoring the documents, an access control list (ACL) table 14 thatrecords access right information related to access rights to thedocuments, and an export and import part 15 exporting and importing thedocuments and the ACL. Similarly, the second document managing apparatus2 has a user identification (UID) managing part 21 for managing UIDs, adocument managing part 22 for managing documents, a document database(DB) 23 forming a storage for storing the documents, an access controllist (ACL) table 24 that records access right information related toaccess rights to the documents, and an export and import part 25exporting and importing the documents and the ACL. The UID is notlimited to the kind of UID that is input at the time of theauthentication or the like, and may be any suitable UID indicating userattributes such as the post (group, department, etc.), the position andthe authority (authorized limits of rights or power).

In addition to the first and second document managing apparatuses 1 and2, the document managing system has a UID generating apparatus 3 forgenerating UIDs that are used in common between the first and seconddocument managing apparatuses 1 and 2. Of course, the number of documentmanaging apparatuses provided in the document managing system is ofcourse not limited to two.

When storing the document in the document DB 13 in the first documentmanaging apparatus 1, the document managing part 12 acquires the UIDfrom the UID managing part 11, and sets the acquired UID in the ACLtable 14 in correspondence with the document ID. In this state, the UIDmanaging part 11 acquires from the UID generating apparatus 3 a commonUID that is common to the first and second document managing apparatuses1 and 2, and this common UID is reflected to the ACL table 14.

Similarly, when storing the document in the document DB 23 in the seconddocument managing apparatus 2, the document managing part 22 acquiresthe UID from the UID managing part 21, and sets the acquired UID in theACL table 24 in correspondence with the document ID. In this state, theUID managing part 21 acquires from the UID generating apparatus 3 acommon UID that is common to the first and second document managingapparatuses 1 and 2, and this common UID is reflected to the ACL table24.

Hence, the UID can be made common between the first and second documentmanaging apparatuses 1 and 2 even when the first and second documentmanaging apparatuses 1 and 2 are independent of each other.Consequently, even when the documents are distributed, moved orintegrated between the first and second document managing apparatuses 1and 2, it is possible to avoid an inconvenient situation where the userwho is permitted to access a target document in one of the first andsecond document managing apparatuses 1 and 2 becomes unable to accessthe same target document in the other of the first and second documentmanaging apparatuses 1 and 2.

FIG. 3 is a diagram for explaining a document distribution in this firstembodiment of the document managing system. When distributing thedocument from the first document managing apparatus 1 to the seconddocument managing apparatus 2, the export and import part 15 of thefirst document managing apparatus 1 distributes, as export data D1, thedata of the document (that is, the document data) and the ACL data. Onthe other hand, the second document managing apparatus 2 receives thedocument data and the ACL data as import data D2, and stores thedocument data in the document DB 23 and reflects the ACL data in the ACLtable 24 (that is, modifies the document ID), so as to maintain accessright consistency.

FIG. 4 is a diagram showing a screen for explaining an export operation.In FIG. 4, a document 41 that is to be exported is selected by a clientsoftware of the first document managing apparatus 1 or on an operationpanel of an MFP, and an “Export” button in a pop-up menu 42 that isdisplayed is selected using a right-click of a mouse or the like, so asto instruct an export process. Then, a storage location of the exportdata is specified, and the execution of the export process isinstructed. The export and import part 15 shown in FIG. 3 inputs thedocument ID, and retrieves from the document DB 13 the document datacorresponding to the document ID. In addition, export and import part 15obtains the ACL data corresponding to the document ID from the ACL table14, and changes the document ID within the obtained ACL data to anindefinite value.

The export data may be moved to the second document managing apparatus 2by any suitable means, such as (A) sharing a disk in the network, (B)transferring the export data using the network by a file transferprotocol (ftp) or the like, and (C) using a removable storage mediumsuch as an universal serial bus (USB) memory key and an external harddisk drive (HDD).

FIG. 5 is a diagram showing a screen for explaining an import operation.In FIG. 5, a logical storage location 51 of the document, such as afolder, for storing the imported document, is selected by a clientsoftware of the second document managing apparatus 2 or on an operationpanel of an MFP, and an “Import” button 53 in a pop-up menu 52 that isdisplayed is selected using a right-click of a mouse or the like, so asto instruct an import process. Then, the import data is specified, andthe execution of the import process is instructed. The export and importpart 25 shown in FIG. 3 inputs the export data that includes thedocument data and the ACL data, registers the document data in thedocument DB 23, and obtains a new document ID. Next, the export andimport part 25 updates the document ID within the ACL data using the newdocument ID, and registers the ACL data having the updated document IDin the ACL table 24.

Instead of carrying out the export operation, the first documentmanaging apparatus 1 may directly carry out a distribution operation. Inthis case, the document that is to be distributed is selected by theclient software of the first document managing apparatus 1 or on theoperation panel of the MFP, so as to instruct a distribution process. Inaddition, the first document managing apparatus 1 specifies the seconddocument managing apparatus 2 as the distribution destination and thespecifies the logical storage location of the document, such as thefolder, within the second document managing apparatus 2, so as toinstruct the execution of the distribution process. The distributionoperation described above is realized by successively carrying out theexport process and the import process in this manner by the first andsecond document managing apparatuses 1 and 2.

Therefore, by providing the UID generating apparatus 3 externally to thefirst and second document managing apparatuses 1 and 2 and independentlyof the first and second document managing apparatuses 1 and 2, the firstand second document managing apparatuses 1 and 2 can share the servicesprovided by the UID generating apparatus 3. As a result, it is possibleto generate the common UID that is common to the first and seconddocument managing apparatuses 1 and 2 (that is, common to a plurality ofdocument managing apparatuses), and to provide the same UID with respectto the same user. Hence, it becomes unnecessary to reassign the accessrights to documents when the documents are distributed, moved orintegrated among a plurality of document managing apparatuses.

Second Embodiment

FIG. 6 is a diagram showing a structure of a second embodiment of thedocument managing system according to the present invention. In FIG. 6,those parts that are the same as those corresponding parts in FIG. 2 aredesignated by the same reference numerals, and a description thereofwill be omitted. In this second embodiment, the UID generating apparatus3 is formed by a lightweight directory access protocol (LDAP) server,and the UID managing parts 11 and 21 of the first and second documentmanaging apparatuses 1 and 2 are formed by user authentication for userdirectory (UAUD) parts in accordance therewith.

FIGS. 7A and 7B are diagrams for explaining a UID generating process ofthis second embodiment of the document managing system. When the user isspecified and the UID acquisition is requested from the UID managingpart 11 (or 21) of the document managing apparatus 1 (or 2) to the UIDgenerating apparatus 3 in a step S1 shown in FIG. 7A, the LDAP serverwhich forms the UID generating apparatus 3 returns a fully qualifieddistinguish name (FQDN), which is a global unique name of the user, in astep S2. Then, the UID managing part 11 (or 21) generates the UID fromthe FQDN in a step S3.

FIG. 7B shows a logical format of the UID of this embodiment. The UIDshown in FIG. 7B has an identifier for indicating a type of the user oruser group, a user space for identifying a type of the database thatstores the user information, and the FQDN that is acquired from the LDAPserver.

FIG. 8 is a diagram for explaining an ACL setting process of this secondembodiment of the document managing system. After the UID managing part11 (or 21) generates the UID in the step S3 shown in FIG. 8, the UIDmanaging part 11 (or 21) transfers the UID to the document managing part12 (or 22) in a step S4. The document managing part 12 (or 22) acquiresthe document ID from the document DB 13 (or 23) in a step S5, and setsthe acquired document ID in the ACL table 14 (or 24) in a step S6.

FIG. 9 is a diagram showing the ACL table 14 (or 24). In the ACL table14 (or 24) shown in FIG. 9, the UID and the access right are recorded inthe ACL table 14 (or 24) in correspondence with the document ID. In FIG.9, RW indicates the right to make access by referring or updating, and Rindicates the right to make access by referring.

Third Embodiment

FIG. 10 is a diagram showing a structure of a third embodiment of thedocument managing system according to the present invention. In FIG. 10,those parts that are the same as those corresponding parts in FIG. 6 aredesignated by the same reference numerals, and a description thereofwill be omitted. In FIG. 10, distinguish name (DN) compressing andexpanding parts 16 and 26 are additionally provided in the first andsecond document managing apparatuses 1 and 2, respectively. The DNcompressing and expanding part 16 compresses and expands the UID that isset in the ACL table 14, and the DN compressing and expanding part 26compresses and expands the UID that is set in the ACL table 24.Otherwise, the structure of this third embodiment is the same as that ofthe second embodiment shown in FIG. 6.

When the LDAP server is used as the UID generating apparatus 3, themaximum length of the FQDN data that is obtained therefrom cannot beprescribed in advance. On the other hand, in order to enable thedocument managing apparatus to create the ACL table that manages theACL, it is inconvenient from the point of view of prescribing the formatof the ACL table if the maximum length of the global unique name of theuser cannot be prescribed, as is the case of the FQDN data.

Hence, in this third embodiment, the FQDN that is obtained from the UIDgenerating apparatus 3 is not used as it is when generating the UID, butis compressed into a substitute FQDN that can be accommodated within theACL table even in the case of a relatively long FQDN. In other words, itis possible to extend the limit of the maximum length of the FQDN thatis recordable in the ACL table.

FIG. 11 is a diagram for explaining a UID generating process of thisthird embodiment of the document managing system. In FIG. 11, the FQDNthat is obtained from the UID generating apparatus 3 by the UID managingpart 11 (or 21) of the document managing apparatus 1 (or 2) iscompressed by the DN compressing and expanding part 16 (or 26) into acompressed FQDN in binary data state, in a step S11. Any suitable knowncompression techniques may be used for the compression of the FQDN, buton an average, it is possible to obtain a compression rate (orefficiency) on the order of approximately 70%.

Then, the DN compressing and expanding part 16 (or 26) generates thesubstitute FQDN in a step S12 by converting the compressed FQDN intotext such as Base 64, so that the substitute FQDN in a text data statemay be used as a portion of the UID. The data size slightly increases bythis conversion into the text, but the compression rate (or efficiency)on the order of approximately 50% can be anticipated by the combinationof the compression and the conversion into the text.

FIG. 12 is a diagram for explaining another UID generating process ofthis third embodiment of the document managing system. In this case,instead of directly compressing the FQDN that is obtained from the UIDgenerating apparatus 3, a normalizing process is carried out in a stepS21 to remove spaces (which should originally be ignored) before andafter a delimiter that may be included in the FQDN. Steps S22 throughS24 that are carried out thereafter are the same as the steps S11through S13 shown in FIG. 11, except that the step S22 compresses theFQDN that has been removed of the space.

Therefore, by compressing the FQDN as shown in FIG. 11 or FIG. 12, it ispossible to extend the limit of the maximum length of the FQDN that isusable for the ACL.

In addition, it is possible to acquire the original FQDN by carrying outan expanding operation in the DN compressing and expanding part 16 (or26) to expand the substitute FQDN under the control of the UID managingpart 11 (or 21). Accordingly, the document managing apparatus 1 (or 2)can make the access to the LDAP server which forms the UID generatingapparatus 3, in a normal manner.

Fourth Embodiment

FIG. 13 is a diagram showing a structure of a fourth embodiment of thedocument managing system according to the present invention. In FIG. 13,those parts that are the same as those corresponding parts in FIG. 6 aredesignated by the same reference numerals, and a description thereofwill be omitted. In FIG. 13, hash tables 17 and 27 are additionallyprovided in the first and second document managing apparatuses 1 and 2,respectively. In this fourth embodiment, the FQDN that is obtained fromthe UID generating apparatus 3 is not used as it is when generating theUID, similarly as in the case of the third embodiment described above,and the FQDN is subjected to a hash process, so that the FQDN that canbe accommodated within the ACL table even in the case of a relativelylong FQDN. More particularly, the UID managing part 11 (or 21) of thedocument managing apparatus 1 (or 2) carries out the hash process withrespect to the FQDN, and records a hash value and the original FQDN incorrespondence with each other in the hash table 17 (or 27). Inaddition, the hash value (or hash code) of the FQDN data and apredetermined number of header (or leading) bytes of the FQDN data areset in the ACL table 14 (or 24) as a substitute UID.

FIG. 14 is a diagram showing a UID generating process of this fourthembodiment of the document managing system. In FIG. 14, the UID managingpart 11 (or 21) of the document managing apparatus 1 (or 2) calculatesthe hash value using an algorithm such as MD5, based on the FQDNobtained from the UID generating apparatus 3, and sets the calculatedhash value in the hash table 17 (or 27) in correspondence with theoriginal FQDN, in a step S31. In this case, the hash values obtainedfrom the same FQDN will become the same, but in order to maintain thehash value to a small size, a plurality of FQDNs are allowed tocorrespond to the same hash value. It is assumed that the FQDN isnormalized to remove the unnecessary spaces prior to carrying out thehash process.

Then, the UID managing part 11 (or 21) regards the N header (or leading)bytes of the original FQDN, the delimiter (#) and the hash value as thesubstitute FQDN, and generates the UID by combining an identifier and auser space, in a step S32. The N header (or leading) bytes of theoriginal FQDN are included in the substitute FQDN in order to enable theFQDN to be specified, since a plurality of FQDNs are allowed tocorrespond to the same hash value. The FQDN is prescribed by the username, host name, sub domain name, domain name, organization type andcountry code, in this order. The identification of the FQDN becomes moredifficult towards the latter portion of this order, but since there isno information overlap at the header portion of the FQDN (that is, theinformation in the header portions of the FQDNs do not match), it ispossible to specify the FQDN by the header portion.

By generating the UID from the FQDN through the conversion into the hashvalue, the hash value having an arbitrary length can be made to uniquelycorrespond to the FQDN and be used as the substitute UID.

In addition, the UID managing part 11 (or 21) can acquire the originalFQDN from the hash table 17 (or 27) by carrying out a restorationoperation with respect to the substitute FQDN. Accordingly, the documentmanaging apparatus 1 (or 2) can make the access to the LDAP server whichforms the UID generating apparatus 3, in a normal manner.

This application claims the benefit of Japanese Patent Applications No.2005-315056 filed Oct. 28, 2005 and No. 2006-278079 filed Oct. 11, 2006,in the Japanese Patent Office, the disclosures of which are herebyincorporated by reference.

Further, the present invention is not limited to these embodiments, butvarious variations and modifications may be made without departing fromthe scope of the present invention.

1. A document managing system comprising: a plurality of documentmanaging apparatuses, each of the document managing apparatuses beingconfigured to retrieve a document stored in a document databaseaccording to a document ID, and to judge whether or not an operationwith respect to the retrieved document is possible according to a firstuser ID that is generated with respect to said each of the documentmanaging apparatuses; a user ID generating apparatus, providedexternally to the document managing apparatuses, configured to generatea second user ID that is common among the plurality of document managingapparatuses; each of the document managing apparatuses including a userID managing part configured to acquire and manage the first user ID andthe second user ID: a document managing part configured to manage thedocument in correspondence with an access right to the document byassociating the first user ID and the document ID: an access controllist (ACL) table part configured to register the access right to thedocument by associating the first user ID and the document ID as ACLdata; and an export and import part configured to export and importdocument data of the document and the ACL data, wherein a first exportand import part of a first document managing apparatus among theplurality of document managing apparatuses is configured to export thedocument data and the ACL data of the document to a second documentmanaging apparatus, a second export and import part of the seconddocument managing apparatus is configured to import the document dataand the ACL data of the document exported by the first export and importpart, a second document managing part of the second document managingapparatus is configured to register the received document data and theACL data in a document database of the second document managingapparatus, to acquire a new document ID, and to update the document IDincluded in the received ACL data to the new document ID, and a seconduser ID managing part of the second document managing apparatus isconfigured to acquire the second user ID, common among the first andsecond document managing apparatuses from the user ID generating part,and to associate and register the second user ID with the new documentID in an access control list (ACL) table part of the second documentmanaging apparatus.
 2. The document managing system as claimed in claim1, wherein the first export and import part changes a document ID withinthe data of the ACL into an indefinite value when exporting the documentdata and the ACL.
 3. The document managing system as claimed in claim 1,wherein the user ID managing part is configured to generate a user IDthat is set in the ACL table within said each of the document managingapparatuses based on a portion of data acquired from the user IDgenerating apparatus.
 4. A document managing apparatus for retrieving adocument stored in a document database according to a document ID andjudging whether or not an operation with respect to the retrieveddocument is possible according to a first user ID that is generated withrespect to the document managing apparatus, comprising: a user IDmanaging part configured to manage user IDs within the document managingapparatus by acquiring a second user ID that is generated by an externaluser ID generating apparatus and is common among a plurality of documentmanaging apparatuses including the document managing apparatus; adocument managing part configured to manage the document incorrespondence with an access right to the document by associating thefirst user ID and the document ID; an access control list (ACL) tablepart configured to register the access right to the document byassociating the first user ID and the document ID as ACL data; and anexport and import part configured to export and import document data andthe ACL data of an arbitrary document, wherein a first export and importpart of a first document managing apparatus among the plurality ofdocument managing apparatuses is configured to export the document dataand the ACL data of the document to a second document managingapparatus, a second export and import part of the second documentmanaging apparatus is configured to import the document data and the ACLdata of the document exported by the first export and import part, asecond document managing part of the second document managing apparatusis configured to register the received document data and the ACL data ina document database of the second document managing apparatus, toacquire a new document ID, and to update the document ID included in thereceived ACL data to the new document ID, and a second user ID managingpart of the second document managing apparatus is configured to acquirethe second user ID, common among the first and second document managingapparatuses from the user ID generating part, and to associate andregister the second user ID with the new document ID in a second ACLtable part of the second document managing apparatus.
 5. The documentmanaging apparatus as claimed in claim 4, wherein the export and importpart changes a document ID within the data of the ACL into an indefinitevalue when exporting the data of the document and the ACL.
 6. Thedocument managing apparatus as claimed in claim 4, wherein the user IDmanaging part generates a user ID that is set in the ACL table based ona portion of data acquired from the external user ID generatingapparatus.
 7. A document managing method for a document managing systemin which each of a plurality of document managing apparatuses isconfigured to retrieve a document stored in a document databaseaccording to a document ID, and to judge whether or not an operationwith respect to the retrieved document is possible according to a firstuser ID that is generated with respect to said each of the documentmanaging apparatuses, comprising: generating a second user ID that iscommon among each of the document managing apparatuses by a user IDgenerating apparatus; managing, in a user ID managing section, user IDswithin the document managing apparatus by acquiring the second user IDthat is generated by an external user ID generating apparatus and iscommon among a plurality of document managing apparatuses including thedocument managing apparatus; managing, in a document managing section,the document in correspondence with an access right to the document byassociating the first user ID and the document ID; registering, in anaccess control list (ACL) table section, the access right to thedocument by associating the first user ID and the document ID as ACLdata; and exporting and importing, through an export and import section,document and the ACL data of an arbitrary document in response to a userinstruction, wherein the exporting and importing includes exporting,from a first export and import section of a first document managingapparatus, the document data and the ACL data of the document to asecond document managing apparatus, and importing, in a second exportand import part of the second document managing apparatus, the documentdata and the ACL data of the document exported by the first export andimport section, the registering includes registering the receiveddocument data and the ACL data in a document database of the seconddocument managing apparatus, acquiring a new document ID, and updatingthe document ID included in the received ACL data to the new documentID, and the managing user IDs within the document managing apparatusincludes acquiring the second user ID, common among the first and seconddocument managing apparatuses from the user ID generating part, andassociating and registering the second user ID with the new document IDin an access control list (ACL) table section of the second documentmanaging apparatus.
 8. The document managing method as claimed in claim7, comprising: changing a document ID within ACL data into an indefinitevalue when exporting the document data and the ACL data.
 9. The documentmanaging method as claimed in claim 7, further comprising: generating auser ID that is set in the ACL table within said each of the documentmanaging apparatuses based on a portion of data acquired from the userID generating apparatus.
 10. The document managing system according toclaim 1, wherein each of the document managing apparatuses furthercomprises: a compressing part configured to compress the second user IDacquired from the user ID generating apparatus and to generate asubstitute compressed second user ID.
 11. The document managingapparatus according to claim 4, further comprising: a compressing partconfigured to compress the second user ID acquired from the user IDgenerating apparatus and to generate a substitute compressed second userID.
 12. The document managing method according to claim 7, wherein theacquiring the second user ID comprises: compressing the second user IDacquired from the user ID generating apparatus and generating asubstitute compressed second user ID.
 13. The document managing systemaccording to claim 1, wherein the UID managing part in each of thedocument managing apparatuses is configured to calculate hash valuesbased on the second user ID acquired from the user ID generatingapparatus and to generate a substitute hashed second user ID.
 14. Thedocument managing apparatus according to claim 4, wherein the UIDmanaging part is configured to calculate hash values based on the seconduser ID acquired from the user ID generating apparatus and to generate asubstitute hashed second user ID.
 15. The document managing methodaccording to claim 7, wherein the acquiring the second user IDcomprises: calculating hash values based on the second user ID acquiredfrom the user ID generating apparatus and generating a substitute hashedsecond user ID.